[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Wed Sep 7 17:58:02 UTC 2016


The branch master has been updated
       via  978ecbb08be69864c2a85524eafbdb70487becb0 (commit)
      from  3e2dd30d665f3a312a45f945ffafb74ff6c420d6 (commit)


- Log -----------------------------------------------------------------
commit 978ecbb08be69864c2a85524eafbdb70487becb0
Author: David Woodhouse <David.Woodhouse at intel.com>
Date:   Wed Sep 7 16:53:18 2016 +0100

    Avoid EVP_PKEY_cmp() crash on EC keys without public component
    
    Some hardware devices don't provide the public EC_POINT data. The only
    way for X509_check_private_key() to validate that the key matches a
    given certificate is to actually perform a sign operation and then
    verify it using the public key in the certificate.
    
    Maybe that can come later, as discussed in issue 1532. But for now let's
    at least make it fail gracefully and not crash.
    
    GH: 1532
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1547)
    (cherry picked from commit 92ed7fa575a80955f3bb6efefca9bf576a953586)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ec/ec_ameth.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index a899932..9792007 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -171,6 +171,8 @@ static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
     const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
     const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
         *pb = EC_KEY_get0_public_key(b->pkey.ec);
+    if (group == NULL || pa == NULL || pb == NULL)
+        return -2;
     r = EC_POINT_cmp(group, pa, pb, NULL);
     if (r == 0)
         return 1;
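Review bot: the new `return -2` in eckey_pub_cmp() is nonzero, just like the `return 1` match path directly below it, so a caller that tests the result as a boolean would read "cannot compare" as "keys match". Please add a short comment above the check saying what -2 means here (group or public point missing, comparison not possible), and confirm that callers compare the result against 1 rather than against nonzero. Minor style point: the `if` follows the declarations with no blank line between them.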
@@ -311,6 +313,8 @@ static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
 {
     const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
         *group_b = EC_KEY_get0_group(b->pkey.ec);
+    if (group_a == NULL || group_b == NULL)
+        return -2;
     if (EC_GROUP_cmp(group_a, group_b, NULL))
         return 0;
     else
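Review bot: the check added in ec_cmp_parameters() handles a missing EC_GROUP, which the commit message does not mention; it only describes keys without the public EC_POINT. Please document this case in a comment above `if (group_a == NULL || group_b == NULL)`, so it is clear that -2 is also returned when either key has no parameters. The surrounding code returns 0 for a mismatch, so the new negative value needs the same care in callers as in eckey_pub_cmp(): anything other than an explicit positive result should be treated as "not confirmed equal".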

